From 279b1d8b585d3521d4910ec8aa69583f9b7031ac Mon Sep 17 00:00:00 2001
From: Vojtech Polasek <vpolasek@redhat.com>
Date: Mon, 25 May 2020 10:51:24 +0200
Subject: [PATCH 1/3] change rekey limit to 1G 1h in rhel8 ospp
---
.../guide/services/ssh/ssh_server/var_rekey_limit_size.var | 1 +
rhel8/profiles/ospp.profile | 2 +-
rhel8/profiles/stig.profile | 3 +++
3 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/linux_os/guide/services/ssh/ssh_server/var_rekey_limit_size.var b/linux_os/guide/services/ssh/ssh_server/var_rekey_limit_size.var
index 16dc376508..395a087a68 100644
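--- a/linux_os/guide/services/ssh/ssh_server/var_rekey_limit_size.var
+++ b/linux_os/guide/services/ssh/ssh_server/var_rekey_limit_size.var
@@ -12,3 +12,4 @@ options:
 sshd_default: "default"
 default: "512M"
 "512M": "512M"
+ "1G": "1G"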
diff --git a/rhel8/profiles/ospp.profile b/rhel8/profiles/ospp.profile
index a5223a187f..0dca8350f9 100644
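--- a/rhel8/profiles/ospp.profile
+++ b/rhel8/profiles/ospp.profile
@@ -58,7 +58,7 @@ selections:
 - sshd_set_keepalive
 - sshd_enable_warning_banner
 - sshd_rekey_limit
- - var_rekey_limit_size=512M
+ - var_rekey_limit_size=1G
 - var_rekey_limit_time=1hour
 - sshd_use_strong_rng
 - openssl_use_strong_entropy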
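Review bot: The new selection `var_rekey_limit_size=1G` doubles the amount of data an SSH session may protect under one key, and neither this hunk nor the commit message names the requirement the value comes from. A comment above the selection, for example `# RekeyLimit 1G 1h: <reference to the OSPP requirement>`, would keep a later edit from silently reverting it. The check and remediation for `sshd_rekey_limit` are not part of this patch; if they compare the configured RekeyLimit to the variable literally, hosts already hardened to the stricter 512M would start failing the scan, so it is worth confirming that this is intended. The selections list continues outside the hunk.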
diff --git a/rhel8/profiles/stig.profile b/rhel8/profiles/stig.profile
index 2bb81cf9dc..a156857647 100644
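--- a/rhel8/profiles/stig.profile
+++ b/rhel8/profiles/stig.profile
@@ -44,3 +44,6 @@ selections:
 - package_rsyslog-gnutls_installed
 - rsyslog_remote_tls
 - rsyslog_remote_tls_cacert
+ - sshd_rekey_limit
+ - var_rekey_limit_size=512M
+ - var_rekey_limit_time=1hour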
From d8ce7bb5f47665e40b6ec2c47e565bb7c46164a9 Mon Sep 17 00:00:00 2001
From: Vojtech Polasek <vpolasek@redhat.com>
Date: Mon, 25 May 2020 10:51:54 +0200
Subject: [PATCH 2/3] update stable ospp profile
---
tests/data/profile_stability/rhel8/ospp.profile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/data/profile_stability/rhel8/ospp.profile b/tests/data/profile_stability/rhel8/ospp.profile
index bdda39a903..25f7922bf3 100644
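--- a/tests/data/profile_stability/rhel8/ospp.profile
+++ b/tests/data/profile_stability/rhel8/ospp.profile
@@ -214,7 +214,7 @@ selections:
 - timer_dnf-automatic_enabled
 - usbguard_allow_hid_and_hub
 - var_sshd_set_keepalive=0
-- var_rekey_limit_size=512M
+- var_rekey_limit_size=1G
 - var_rekey_limit_time=1hour
 - var_accounts_user_umask=027
 - var_password_pam_difok=4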
From 6623ece14b6534164a3b953fd43111cae4a3eeea Mon Sep 17 00:00:00 2001
From: Vojtech Polasek <vpolasek@redhat.com>
Date: Thu, 28 May 2020 09:30:58 +0200
Subject: [PATCH 3/3] propagate change also into stig profile
---
rhel8/profiles/stig.profile | 3 ---
tests/data/profile_stability/rhel8/stig.profile | 2 +-
2 files changed, 1 insertion(+), 4 deletions(-)
diff --git a/rhel8/profiles/stig.profile b/rhel8/profiles/stig.profile
index a156857647..2bb81cf9dc 100644
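--- a/rhel8/profiles/stig.profile
+++ b/rhel8/profiles/stig.profile
@@ -44,6 +44,3 @@ selections:
 - package_rsyslog-gnutls_installed
 - rsyslog_remote_tls
 - rsyslog_remote_tls_cacert
- - sshd_rekey_limit
- - var_rekey_limit_size=512M
- - var_rekey_limit_time=1hour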
diff --git a/tests/data/profile_stability/rhel8/stig.profile b/tests/data/profile_stability/rhel8/stig.profile
index ebef541921..6c4270925f 100644
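--- a/tests/data/profile_stability/rhel8/stig.profile
+++ b/tests/data/profile_stability/rhel8/stig.profile
@@ -242,7 +242,7 @@ selections:
 - timer_dnf-automatic_enabled
 - usbguard_allow_hid_and_hub
 - var_sshd_set_keepalive=0
-- var_rekey_limit_size=512M
+- var_rekey_limit_size=1G
 - var_rekey_limit_time=1hour
 - var_accounts_user_umask=027
 - var_password_pam_difok=4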